25 Sep
2018
25 Sep
'18
9:07 a.m.
Hello,
Can we add a discussion in upcoming meetings about the participation of SMMU in the booting procedure?
In the past there's been a number of proposals on how to mitigate attacks, were a rogue PCI card is inserted into the system. Some of them include shutting down external DMA ports until the OS explicitly powers them up or blocking DMA using BME bit etc
Keeping in mind this will enhance the security of devices would it make sense to include it as a 'MUST' if the hardware is present or a recommendation would be enough? If we enable if a number of questions will rise as well such as, What happens if the SMMU is already configured? Should the OS reconfigure it ?
/Ilias